Code Coverage for /data/phpBB/includes/acp/acp_permission

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 324	0.00% covered (danger)	0.00%	0 / 3	CRAP	0.00% covered (danger)	0.00%	0 / 1
acp_permission_roles	0.00% covered (danger)	0.00%	0 / 322	0.00% covered (danger)	0.00%	0 / 3	6642	0.00% covered (danger)	0.00%	0 / 1
main	0.00% covered (danger)	0.00%	0 / 264	0.00% covered (danger)	0.00%	0 / 1	3660
display_auth_options	0.00% covered (danger)	0.00%	0 / 23	0.00% covered (danger)	0.00%	0 / 1	240
remove_role	0.00% covered (danger)	0.00%	0 / 35	0.00% covered (danger)	0.00%	0 / 1	42

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	class acp_permission_roles
23	{
24	var $u_action;
25	protected $auth_admin;
26
27	function main($id, $mode)
28	{
29	global $db, $user, $template, $phpbb_container;
30	global $phpbb_root_path, $phpEx;
31	global $request, $phpbb_log;
32
33	if (!function_exists('user_get_id_name'))
34	{
35	include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
36	}
37
38	if (!class_exists('auth_admin'))
39	{
40	include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
41	}
42
43	$this->auth_admin = new auth_admin();
44
45	$user->add_lang('acp/permissions');
46	add_permission_language();
47
48	$this->tpl_name = 'acp_permission_roles';
49
50	$submit = (isset($_POST['submit'])) ? true : false;
51	$role_id = $request->variable('role_id', 0);
52	$action = $request->variable('action', '');
53	$action = (isset($_POST['add'])) ? 'add' : $action;
54
55	$form_name = 'acp_permissions';
56	add_form_key($form_name);
57
58	if (!$role_id && in_array($action, array('remove', 'edit', 'move_up', 'move_down')))
59	{
60	trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
61	}
62
63	switch ($mode)
64	{
65	case 'admin_roles':
66	$permission_type = 'a_';
67	$this->page_title = 'ACP_ADMIN_ROLES';
68	break;
69
70	case 'user_roles':
71	$permission_type = 'u_';
72	$this->page_title = 'ACP_USER_ROLES';
73	break;
74
75	case 'mod_roles':
76	$permission_type = 'm_';
77	$this->page_title = 'ACP_MOD_ROLES';
78	break;
79
80	case 'forum_roles':
81	$permission_type = 'f_';
82	$this->page_title = 'ACP_FORUM_ROLES';
83	break;
84
85	default:
86	trigger_error('NO_MODE', E_USER_ERROR);
87	break;
88	}
89
90	$template->assign_vars(array(
91	'L_TITLE' => $user->lang[$this->page_title],
92	'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN'])
93	);
94
95	// Take action... admin submitted something
96	if ($submit \|\| $action == 'remove')
97	{
98	switch ($action)
99	{
100	case 'remove':
101
102	$sql = 'SELECT *
103	FROM ' . ACL_ROLES_TABLE . '
104	WHERE role_id = ' . $role_id;
105	$result = $db->sql_query($sql);
106	$role_row = $db->sql_fetchrow($result);
107	$db->sql_freeresult($result);
108
109	if (!$role_row)
110	{
111	trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
112	}
113
114	if (confirm_box(true))
115	{
116	$this->remove_role($role_id, $permission_type);
117
118	$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
119	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_' . strtoupper($permission_type) . 'ROLE_REMOVED', false, array($role_name));
120	trigger_error($user->lang['ROLE_DELETED'] . adm_back_link($this->u_action));
121	}
122	else
123	{
124	confirm_box(false, 'DELETE_ROLE', build_hidden_fields(array(
125	'i' => $id,
126	'mode' => $mode,
127	'role_id' => $role_id,
128	'action' => $action,
129	)));
130	}
131
132	break;
133
134	case 'edit':
135
136	// Get role we edit
137	$sql = 'SELECT *
138	FROM ' . ACL_ROLES_TABLE . '
139	WHERE role_id = ' . $role_id;
140	$result = $db->sql_query($sql);
141	$role_row = $db->sql_fetchrow($result);
142	$db->sql_freeresult($result);
143
144	if (!$role_row)
145	{
146	trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
147	}
148
149	// no break;
150
151	case 'add':
152
153	if (!check_form_key($form_name))
154	{
155	trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
156	}
157
158	$role_name = $request->variable('role_name', '', true);
159	$role_description = $request->variable('role_description', '', true);
160	$auth_settings = $request->variable('setting', array('' => 0));
161
162	if (!$role_name)
163	{
164	trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
165	}
166
167	if (utf8_strlen($role_description) > 4000)
168	{
169	trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
170	}
171
172	// if we add/edit a role we check the name to be unique among the settings...
173	$sql = 'SELECT role_id
174	FROM ' . ACL_ROLES_TABLE . "
175	WHERE role_type = '" . $db->sql_escape($permission_type) . "'
176	AND role_name = '" . $db->sql_escape($role_name) . "'";
177	$result = $db->sql_query($sql);
178	$row = $db->sql_fetchrow($result);
179	$db->sql_freeresult($result);
180
181	// Make sure we only print out the error if we add the role or change it's name
182	if ($row && ($action == 'add' \|\| ($action == 'edit' && $role_row['role_name'] != $role_name)))
183	{
184	trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action), E_USER_WARNING);
185	}
186
187	$sql_ary = array(
188	'role_name' => (string) $role_name,
189	'role_description' => (string) $role_description,
190	'role_type' => (string) $permission_type,
191	);
192
193	if ($action == 'edit')
194	{
195	$sql = 'UPDATE ' . ACL_ROLES_TABLE . '
196	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
197	WHERE role_id = ' . $role_id;
198	$db->sql_query($sql);
199	}
200	else
201	{
202	// Get maximum role order for inserting a new role...
203	$sql = 'SELECT MAX(role_order) as max_order
204	FROM ' . ACL_ROLES_TABLE . "
205	WHERE role_type = '" . $db->sql_escape($permission_type) . "'";
206	$result = $db->sql_query($sql);
207	$max_order = (int) $db->sql_fetchfield('max_order');
208	$db->sql_freeresult($result);
209
210	$sql_ary['role_order'] = $max_order + 1;
211
212	$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
213	$db->sql_query($sql);
214
215	$role_id = $db->sql_nextid();
216	}
217
218	// Now add the auth settings
219	$this->auth_admin->acl_set_role($role_id, $auth_settings);
220
221	$role_name = (!empty($user->lang[$role_name])) ? $user->lang[$role_name] : $role_name;
222	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), false, array($role_name));
223
224	trigger_error($user->lang['ROLE_' . strtoupper($action) . '_SUCCESS'] . adm_back_link($this->u_action));
225
226	break;
227	}
228	}
229
230	// Display screens
231	switch ($action)
232	{
233	case 'add':
234
235	$options_from = $request->variable('options_from', 0);
236
237	$role_row = array(
238	'role_name' => $request->variable('role_name', '', true),
239	'role_description' => $request->variable('role_description', '', true),
240	'role_type' => $permission_type,
241	);
242
243	if ($options_from)
244	{
245	$sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
246	FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
247	WHERE o.auth_option_id = p.auth_option_id
248	AND p.role_id = ' . $options_from . '
249	ORDER BY p.auth_option_id';
250	$result = $db->sql_query($sql);
251
252	$auth_options = array();
253	while ($row = $db->sql_fetchrow($result))
254	{
255	$auth_options[$row['auth_option']] = $row['auth_setting'];
256	}
257	$db->sql_freeresult($result);
258	}
259	else
260	{
261	$sql = 'SELECT auth_option_id, auth_option
262	FROM ' . ACL_OPTIONS_TABLE . "
263	WHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char()) . "
264	AND auth_option <> '{$permission_type}'
265	ORDER BY auth_option_id";
266	$result = $db->sql_query($sql);
267
268	$auth_options = array();
269	while ($row = $db->sql_fetchrow($result))
270	{
271	$auth_options[$row['auth_option']] = ACL_NO;
272	}
273	$db->sql_freeresult($result);
274	}
275
276	// no break;
277
278	case 'edit':
279
280	if ($action == 'edit')
281	{
282	$sql = 'SELECT *
283	FROM ' . ACL_ROLES_TABLE . '
284	WHERE role_id = ' . $role_id;
285	$result = $db->sql_query($sql);
286	$role_row = $db->sql_fetchrow($result);
287	$db->sql_freeresult($result);
288
289	$sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
290	FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
291	WHERE o.auth_option_id = p.auth_option_id
292	AND p.role_id = ' . $role_id . '
293	ORDER BY p.auth_option_id';
294	$result = $db->sql_query($sql);
295
296	$auth_options = array();
297	while ($row = $db->sql_fetchrow($result))
298	{
299	$auth_options[$row['auth_option']] = $row['auth_setting'];
300	}
301	$db->sql_freeresult($result);
302	}
303
304	if (!$role_row)
305	{
306	trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
307	}
308
309	/* @var $phpbb_permissions \phpbb\permissions */
310	$phpbb_permissions = $phpbb_container->get('acl.permissions');
311
312	$template->assign_vars(array(
313	'S_EDIT' => true,
314
315	'U_ACTION' => $this->u_action . "&action={$action}&role_id={$role_id}",
316	'U_BACK' => $this->u_action,
317
318	'ROLE_NAME' => $role_row['role_name'],
319	'ROLE_DESCRIPTION' => $role_row['role_description'],
320	'L_ACL_TYPE' => $phpbb_permissions->get_type_lang($permission_type),
321	));
322
323	// We need to fill the auth options array with ACL_NO options ;)
324	$sql = 'SELECT auth_option_id, auth_option
325	FROM ' . ACL_OPTIONS_TABLE . "
326	WHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char()) . "
327	AND auth_option <> '{$permission_type}'
328	ORDER BY auth_option_id";
329	$result = $db->sql_query($sql);
330
331	while ($row = $db->sql_fetchrow($result))
332	{
333	if (!isset($auth_options[$row['auth_option']]))
334	{
335	$auth_options[$row['auth_option']] = ACL_NO;
336	}
337	}
338	$db->sql_freeresult($result);
339
340	// Unset global permission option
341	unset($auth_options[$permission_type]);
342
343	// Display auth options
344	$this->display_auth_options($auth_options);
345
346	// Get users/groups/forums using this preset...
347	if ($action == 'edit')
348	{
349	$hold_ary = $this->auth_admin->get_role_mask($role_id);
350
351	if (count($hold_ary))
352	{
353	$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
354
355	$template->assign_vars(array(
356	'S_DISPLAY_ROLE_MASK' => true,
357	'L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name))
358	);
359
360	$this->auth_admin->display_role_mask($hold_ary);
361	}
362	}
363
364	return;
365	break;
366
367	case 'move_up':
368	case 'move_down':
369
370	if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles'))
371	{
372	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
373	}
374
375	$sql = 'SELECT role_order
376	FROM ' . ACL_ROLES_TABLE . "
377	WHERE role_id = $role_id";
378	$result = $db->sql_query($sql);
379	$order = $db->sql_fetchfield('role_order');
380	$db->sql_freeresult($result);
381
382	if ($order === false \|\| ($order == 0 && $action == 'move_up'))
383	{
384	break;
385	}
386	$order = (int) $order;
387	$order_total = $order * 2 + (($action == 'move_up') ? -1 : 1);
388
389	$sql = 'UPDATE ' . ACL_ROLES_TABLE . '
390	SET role_order = ' . $order_total . " - role_order
391	WHERE role_type = '" . $db->sql_escape($permission_type) . "'
392	AND role_order IN ($order, " . (($action == 'move_up') ? $order - 1 : $order + 1) . ')';
393	$db->sql_query($sql);
394
395	if ($request->is_ajax())
396	{
397	$json_response = new \phpbb\json_response;
398	$json_response->send(array(
399	'success' => (bool) $db->sql_affectedrows(),
400	));
401	}
402
403	break;
404	}
405
406	// By default, check that role_order is valid and fix it if necessary
407	$sql = 'SELECT role_id, role_order
408	FROM ' . ACL_ROLES_TABLE . "
409	WHERE role_type = '" . $db->sql_escape($permission_type) . "'
410	ORDER BY role_order ASC";
411	$result = $db->sql_query($sql);
412
413	if ($row = $db->sql_fetchrow($result))
414	{
415	$order = 0;
416	do
417	{
418	$order++;
419	if ($row['role_order'] != $order)
420	{
421	$db->sql_query('UPDATE ' . ACL_ROLES_TABLE . " SET role_order = $order WHERE role_id = {$row['role_id']}");
422	}
423	}
424	while ($row = $db->sql_fetchrow($result));
425	}
426	$db->sql_freeresult($result);
427
428	// Display assigned items?
429	$display_item = $request->variable('display_item', 0);
430
431	// Select existing roles
432	$sql = 'SELECT *
433	FROM ' . ACL_ROLES_TABLE . "
434	WHERE role_type = '" . $db->sql_escape($permission_type) . "'
435	ORDER BY role_order ASC";
436	$result = $db->sql_query($sql);
437
438	$s_role_options = '';
439	while ($row = $db->sql_fetchrow($result))
440	{
441	$role_name = (!empty($user->lang[$row['role_name']])) ? $user->lang[$row['role_name']] : $row['role_name'];
442
443	$template->assign_block_vars('roles', array(
444	'ROLE_NAME' => $role_name,
445	'ROLE_DESCRIPTION' => (!empty($user->lang[$row['role_description']])) ? $user->lang[$row['role_description']] : nl2br($row['role_description']),
446
447	'U_EDIT' => $this->u_action . '&action=edit&role_id=' . $row['role_id'],
448	'U_REMOVE' => $this->u_action . '&action=remove&role_id=' . $row['role_id'],
449	'U_MOVE_UP' => $this->u_action . '&action=move_up&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'),
450	'U_MOVE_DOWN' => $this->u_action . '&action=move_down&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'),
451	'U_DISPLAY_ITEMS' => ($row['role_id'] == $display_item) ? '' : $this->u_action . '&display_item=' . $row['role_id'] . '#assigned_to')
452	);
453
454	$s_role_options .= '<option value="' . $row['role_id'] . '">' . $role_name . '</option>';
455
456	if ($display_item == $row['role_id'])
457	{
458	$template->assign_vars(array(
459	'L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name))
460	);
461	}
462	}
463	$db->sql_freeresult($result);
464
465	$template->assign_vars(array(
466	'S_ROLE_OPTIONS' => $s_role_options)
467	);
468
469	if ($display_item)
470	{
471	$template->assign_vars(array(
472	'S_DISPLAY_ROLE_MASK' => true)
473	);
474
475	$hold_ary = $this->auth_admin->get_role_mask($display_item);
476	$this->auth_admin->display_role_mask($hold_ary);
477	}
478	}
479
480	/**
481	* Display permission settings able to be set
482	*/
483	function display_auth_options($auth_options)
484	{
485	global $template, $phpbb_container;
486
487	/* @var $phpbb_permissions \phpbb\permissions */
488	$phpbb_permissions = $phpbb_container->get('acl.permissions');
489
490	$content_array = $categories = array();
491	$key_sort_array = array(0);
492	$auth_options = array(0 => $auth_options);
493
494	// Making use of auth_admin method here (we do not really want to change two similar code fragments)
495	$this->auth_admin->build_permission_array($auth_options, $content_array, $categories, $key_sort_array);
496
497	$content_array = $content_array[0];
498
499	$template->assign_var('S_NUM_PERM_COLS', count($categories));
500
501	// Assign to template
502	foreach ($content_array as $cat => $cat_array)
503	{
504	$template->assign_block_vars('auth', array(
505	'CAT_NAME' => $phpbb_permissions->get_category_lang($cat),
506
507	'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
508	'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
509	'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false)
510	);
511
512	foreach ($cat_array['permissions'] as $permission => $allowed)
513	{
514	$template->assign_block_vars('auth.mask', array(
515	'S_YES' => ($allowed == ACL_YES) ? true : false,
516	'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
517	'S_NO' => ($allowed == ACL_NO) ? true : false,
518
519	'FIELD_NAME' => $permission,
520	'PERMISSION' => $phpbb_permissions->get_permission_lang($permission),
521	));
522	}
523	}
524	}
525
526	/**
527	* Remove role
528	*/
529	function remove_role($role_id, $permission_type)
530	{
531	global $db;
532
533	// Get complete auth array
534	$sql = 'SELECT auth_option, auth_option_id
535	FROM ' . ACL_OPTIONS_TABLE . "
536	WHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char());
537	$result = $db->sql_query($sql);
538
539	$auth_settings = array();
540	while ($row = $db->sql_fetchrow($result))
541	{
542	$auth_settings[$row['auth_option']] = ACL_NO;
543	}
544	$db->sql_freeresult($result);
545
546	// Get the role auth settings we need to re-set...
547	$sql = 'SELECT o.auth_option, r.auth_setting
548	FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
549	WHERE o.auth_option_id = r.auth_option_id
550	AND r.role_id = ' . $role_id;
551	$result = $db->sql_query($sql);
552
553	while ($row = $db->sql_fetchrow($result))
554	{
555	$auth_settings[$row['auth_option']] = $row['auth_setting'];
556	}
557	$db->sql_freeresult($result);
558
559	// Get role assignments
560	$hold_ary = $this->auth_admin->get_role_mask($role_id);
561
562	// Re-assign permissions
563	foreach ($hold_ary as $forum_id => $forum_ary)
564	{
565	if (isset($forum_ary['users']))
566	{
567	$this->auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false);
568	}
569
570	if (isset($forum_ary['groups']))
571	{
572	$this->auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false);
573	}
574	}
575
576	// Remove role from users and groups just to be sure (happens through acl_set)
577	$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
578	WHERE auth_role_id = ' . $role_id;
579	$db->sql_query($sql);
580
581	$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
582	WHERE auth_role_id = ' . $role_id;
583	$db->sql_query($sql);
584
585	// Remove role data and role
586	$sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
587	WHERE role_id = ' . $role_id;
588	$db->sql_query($sql);
589
590	$sql = 'DELETE FROM ' . ACL_ROLES_TABLE . '
591	WHERE role_id = ' . $role_id;
592	$db->sql_query($sql);
593
594	$this->auth_admin->acl_clear_prefetch();
595	}
596	}